Allison outlines the new delegated alert dismissal feature for Dependabot in GitHub, enabling required reviews before dismissing alerts to improve security governance and compliance.

Require Reviews for Dependabot Alert Dismissal with Delegated Alert Dismissal in GitHub

Overview

A new feature called delegated alert dismissal enables organizations to implement a formal review process before Dependabot alerts are closed. This enhancement is aimed at GitHub Code Security customers and is accessible both via the GitHub UI and API.

Key Benefits

  • Increases Accountability: A second set of eyes is required on every dismissal action, promoting responsible vulnerability management.
  • Prevents Insecure Actions: Enforced reviews stop unauthorized or accidental alert dismissals.
  • Enhances Scalability: Provides governance tools to audit and manage alert activity across numerous repositories.
  • Meets Compliance: Aligns security processes with audit and regulatory requirements for software development.

Availability

  • Platform: Available on github.com and on GitHub Enterprise Server version 3.21 for code security customers.
  • Controls: Brings Dependabot in line with the consistent governance controls already available for code scanning and secret scanning.

Usage and Documentation

Teams can set up delegated alert dismissal through both the web interface and the GitHub API. This enables organizations to:

  • Standardize their review process for vulnerability alert management
  • Maintain robust audit trails for compliance and internal policies

For more setup instructions and details, see the Dependabot delegated alert dismissal documentation.

Conclusion

Delegated alert dismissal for Dependabot provides critical governance controls, helping organizations build secure and compliant development workflows in GitHub.

Author: Allison

This post appeared first on “The GitHub Blog”.